(19) Europäisches Patentamt
     European Patent Office
     Office européen des brevets

(11) EP 0 869 651 A1

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 07.10.1998 Bulletin 1998/41

(21) Application number: 97650011.6

(22) Date of filing: 01.04.1997

(51) Int. Cl.: H04L 29/06, H04L 12/22

(84) Designated Contracting States:
     AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE
     Designated Extension States:
     AL LT LV RO SI

(71) Applicant:
     TELEFONAKTIEBOLAGET LM ERICSSON
     126 25 Stockholm (SE)

(72) Inventor: Grunner, Ove
     Dublin 14 (IE)

(74) Representative:
     O'Connor, Donal Henry et al
     c/o Cruickshank & Co.,
     1 Holles Street
     Dublin 2 (IE)

(54) A method and apparatus for secure data communication 



(57) A user system (2) recognises data as being 
either secure or general (non-secure). The data may be 
for performing on-line transaction processing or banking 
via the Internet. The user system (2) transmits the 
secure data from an ISDN circuit (6) on the D-channel, 
and the general data on the B-channel. The digital
exchange (8) routes the general data via the Internet 
(12) to a service provider (3). A frame handler in the digital
exchange (8) recognises the secure data in the D-channel
and routes it via a physically separate telecommunications
link (20) to the service provider (3). The
alternative route (20) may include a management func- 
tion connected by leased lines on each side to the 
exchange (8) and the service provider (3). The service 
provider (3) merges the secure and general data and 
performs the usual transaction processing operations. 

Description
INTRODUCTION 

Field of the Invention 

The invention relates to communication of data 
between data processing systems in which secure data 
is transmitted between the systems via a secure chan- 
nel. The term "secure data" means data which is confi- 
dential so that the user wishes to ensure that it has the 
maximum protection from unauthorised access. 

Prior Art Discussion

It is quite commonplace for secure data such as 
credit card numbers to be transmitted via telephone 
voice channel, via fax transmissions, or using DTMF 
tones with a telephone. In a limited way, such communi- 
cation can be quite effective. For example, there is 
growing use of DTMF interaction for automatic 24-hour 
on-line banking. This type of communication is regarded 
as being quite secure. 

However, such communication is quite limited and 
cannot provide the range of services and flexibility 
which can be provided by systems such as PCs con- 
nected to a host system. An example is a connection to 
an Internet service provider. 

It is also known to transmit secure data in a broad- 
casting system, as described in GB 2154108 (Commu- 
nications Patents Limited). An arrangement is 
described in this specification whereby a subscriber 
selects a secure channel dedicated to the transmission 
of encrypted data and his or her terminal is temporarily 
connected to the secure channel. The channel is used 
for communication of encryption keys. The system 
includes a channel selector, a secure channel signal 
generator, and a secure channel selection detector at 
the head end. The user end includes a receiver, a chan- 
nel selector controller, a decryptor, an algorithm store, 
and an encryptor. This system involves much signalling 
to establish communication and requires special hard- 
ware. Further, it does not appear that it would provide 
the necessary versatility which is required for general
communication in which a large portion of the data to be 
communicated is not necessarily secure data. 

SUMMARY OF THE INVENTION 

The invention provides a data communication
method carried out by mutually remote data processing
systems, the method comprising the step of a system
transmitting secure data to the other system via a
secure channel, characterised in that the method comprises
the further steps of:-

a system identifying category of data as being
either secure or general,

said system transmitting the general data via a general
channel which is at least partly physically separate
from the secure channel, and

the receiving system receiving both the secure and
general data via the secure and general channels
and merging it.

Thus, the invention provides a large degree of flexibility
because a system handles both secure data
and general data and can simultaneously transmit both
types. This also allows a fast response as there are no
serial communication delays. The invention thus, for
example, allows a PC to communicate with a remote
system such as a service provider using an Internet
access program to achieve the comprehensive and flexible
services which can be provided in this manner,
while also ensuring that secure data is transmitted via a
secure path. The roles of the receiving and transmitting
systems may be reversed at any time including during a
single communications session. This allows bi-directional
secure data communication.

In one embodiment, the transmitting system comprises
means for automatically identifying data category.

In one embodiment, the transmitting system auto- 
matically recognises the category of the data according 
to programs initially received from the receiving system. 

Preferably, the secure channel is a signalling channel
associated at the terminating points with the general
channel.

In one embodiment, the secure channel has a lower 
bandwidth than the general channel. 

In another embodiment, the method comprises the 
further step of the receiving system transmitting a
secure channel address to the transmitting system, for 
example, via the general channel. 

In one embodiment, both the secure and general 
data are received by an exchange connected to the 
transmitting system and the exchange routes secure
data via a telecommunications link to the receiving sys- 
tem. 

In one embodiment, the exchange routes the
secure data to the receiving system via a management
function.

In one embodiment, the exchange routes the 
secure data to the management function via a leased 
line. 

In another embodiment, the management function 
routes the secure data to a system via a leased line.

Preferably, the management function comprises a 
matrix correlating remote data processing system 
addresses used by said systems with addresses for a 
protocol between the exchange and said systems. 

In one embodiment, the secure channel comprises
the D-channel of an ISDN connection, and the general
channel comprises the B-channel of the ISDN connection.

According to another aspect the invention provides
a data communication method carried out by a user system
and a remote host system, the method comprising
the step of the user system transmitting secure data to
the remote system via a secure channel characterised
in that-

the secure channel includes the D-channel of an
ISDN connection,

the user system identifies category of data as being
either secure or general,

the user system transmits the general data via an
ISDN B-channel, a digital exchange connected to
the user system routes the general data via a non-secure
path to the host system and routes the
secure data via a physically separate telecommunications
link to the host system, and

the host system receives both the secure and general
data and merges it.

In one embodiment, a digital exchange routes the
secure data via a management function to the host system.

In one embodiment, the management function
comprises an addressing matrix to allow communication
with a large number of host systems requested by
the user system.

The invention also provides a data processing system
comprising means for transmitting secure data to a
remote data processing system via a secure channel,
characterised in that a data processing system further
comprises means for:-

identifying category of data as being either secure
or general, and

transmitting the general data via a general channel
which is at least partly physically separate from the
secure channel.

DETAILED DESCRIPTION OF THE INVENTION 

The invention will be more clearly understood from
the following description of some embodiments thereof,
given by way of example only, with reference to the
accompanying drawings, in which :-

Fig. 1 is a schematic overview illustrating a user
system and a remote host system and the manner
in which they communicate with each other;

Fig. 2 is a diagram illustrating the manner in which
a large number of user systems can communicate
with a number of remote host systems; and

Fig. 3 is a diagram illustrating operation of a user
system of Fig. 1.

Referring to Figs. 1 and 2, there is shown a data 
processing and communication system 1. The system 1
comprises a number of user systems 2, and a number 
of remote host systems, in this embodiment Internet 
service providers 3. However, the system may alterna- 
tively comprise just two data processing systems com- 
municating with each other. 

Each user system 2 comprises a data processor 5 
which is a conventional microcomputer data processor, 
and a subscriber communication circuit 6 which in this 
embodiment is a digital ISDN circuit. The data proces- 
sor is programmed to allow communication for such 
things as payment of bills and on-line banking generally. 

These programs identify data as being either 
secure or general. Secure data is transmitted on the D- 
channel of an ISDN line 7, and general data on the con- 
ventional B-channel. The ISDN line 7 connects the cir- 
cuit 6 to a digital exchange 8. The exchange 8 is 
completely conventional and routes the data transmitted 
on the D-channel separately from the B-channel data.
Thus, general data is transmitted in conventional man- 
ner via the B-channel of the ISDN line 7 and the Inter- 
net. However, secure data is transmitted on a secure 
path comprising the ISDN line 7 D-channel and a tele- 
communications network linking the exchange 8 and 
the service provider 3. A telecommunications network 
link is much more secure than an Internet link. 

Referring additionally to Fig. 3, a communication 
method carried out by the system 1 is described in flowchart
form. In a step 31, the data processor 5 receives
programs from the service provider 3 via the ISDN cir- 
cuit 6. In step 32 the data processor also receives a tel- 
ecommunications address of the service provider for 
sending secure data over the secure path. Alternatively, 
the address may be inputted to the user system by the 
user after communication by letter or telephone such as 
upon registration to a service. Thus, in addition to the 
usual Internet communication address which is used, 
the subscriber data processor 5 also has a telecommu- 
nication address which can be used for secure data 
communication. 

In step 33, the data processor 5 receives user 
inputs and processes the data using the programs 
which have been received from the service provider 3. 
These inputs may, for example, relate to on-line pur- 
chasing of goods. In this example financial account data 
may be regarded as secure. In step 34, the data proces- 
sor 5 identifies secure data fields within the data. This 
may be achieved, for example, using templates which 
are received from the service provider, the templates 
indicating particular fields for secure data, the remaining 
being for general data. Alternatively, the user may indi- 
cate the secure data by inputting a flag when inputting 
the data. The important point is that the data processor 
5 recognises category of the data as being either 
secure or general.

The data processor 5 directs operation of the ISDN 
circuit 6 to transmit a data upload to the service provider 
3 in which the secure data is transmitted on the ISDN D- 
channel in step 35 and the general data is transmitted 
using the ISDN B-channel in step 36. The D-channel is 
a low-bandwidth signalling channel which is used for 
such things as call set-up and call termination. However, 
there is sufficient bandwidth within this channel to 
include secure data such as sensitive financial or 
encryption key data. 

In step 37, the frame handler within the digital
exchange 8 intercepts the secure data on the D-channel.

The general data is routed in step 38 in the conven- 
tional manner to the Internet 12. The connection 
between the exchange 8 and the first node in the Internet
12 may be a dial-up connection. The final connection
between the Internet 12 and the service provider 3
may be a leased line 13. While these first and final links 
are quite secure, it is generally acknowledged that data 
transmitted via nodes of the Internet 12 is more open 
than data transmitted via telecommunication network 
links. However, this is not a problem as the data is not 
sensitive. 

The frame handler of the digital exchange 8 routes 
the secure data in step 39 to the service provider 3 on a 
telecommunications link 20. This is a completely differ- 
ent and physically separate path. 

Referring in particular to Fig. 2, the manner in which 
this is achieved is described in more detail. In this 
embodiment the telecommunications link includes a 
management function 21. The management function 21
uses a combination of the sending identity and a termi- 
nal endpoint identifier (TEI) value between 0 and 63. 
The management function 21 has a matrix which 
selects the final destination of an unlimited number of 
service providers 3 and transmits it to the destination via 
a leased line. 

It will be appreciated that the link between the 
exchange 8 and the service provider 3 is completely dif- 
ferent for the secure data than for the general data. The 
telecommunication address which is initially transmitted 
to the user system is used for identification of the cor- 
rect service provider in the management function 
matrix. This path is controlled independently of the gen- 
eral data path - an aspect which is very important for 
secure communication. 

In step 40 of Fig. 3, the service provider 3 merges 
the secure and general data to complete the necessary 
transaction processing. 
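
The field-level split of steps 34 to 36 and the merge of step 40 can be sketched as follows. This is an added example, not part of the patent text; the message layout, the template format and the per-transaction `tag` used to pair the two halves are assumptions.

```python
# Added illustration of steps 34-36 and 40. The message layout and the
# per-transaction "tag" that pairs the two halves are assumptions.

# Constructed sample template, standing in for one received in step 31:
# listed fields are secure, every other field is general.
TEMPLATE = {"secure_fields": {"card_number", "expiry"}}


def split_by_template(record, template, tag):
    """Steps 34-36: return (d_channel_msg, b_channel_msg) for one record."""
    secure_names = set(template["secure_fields"])
    missing = secure_names - set(record)
    if missing:
        # Fail closed: if a field the template marks as secure is absent
        # (for example renamed), do not send anything on either channel.
        raise ValueError(f"secure fields missing: {sorted(missing)}")
    secure = {k: v for k, v in record.items() if k in secure_names}
    general = {k: v for k, v in record.items() if k not in secure_names}
    return ({"tag": tag, "channel": "D", "data": secure},
            {"tag": tag, "channel": "B", "data": general})


class Merger:
    """Step 40: hold each half until its partner arrives on the other path."""

    def __init__(self, template):
        self.secure_names = set(template["secure_fields"])
        self.pending = {}  # tag -> {"D": fields, "B": fields}

    def receive(self, msg):
        channel, data = msg["channel"], msg["data"]
        if channel not in ("D", "B"):
            raise ValueError("unknown channel")
        if channel == "B" and self.secure_names & set(data):
            raise ValueError("secure field arrived on the general channel")
        if channel == "D" and set(data) != self.secure_names:
            raise ValueError("secure half does not match the template")
        halves = self.pending.setdefault(msg["tag"], {})
        if channel in halves:
            raise ValueError("duplicate half for this tag")
        halves[channel] = data
        if len(halves) < 2:
            return None  # still waiting for the other channel
        del self.pending[msg["tag"]]
        return {**halves["B"], **halves["D"]}


if __name__ == "__main__":
    # Constructed sample order; the card data is a dummy value.
    order = {"item": "book", "qty": 2,
             "card_number": "0000-0000-0000-0000", "expiry": "01/00"}
    d_msg, b_msg = split_by_template(order, TEMPLATE, tag=1)
    server = Merger(TEMPLATE)
    print(server.receive(b_msg))   # general half alone: nothing to merge yet
    print(server.receive(d_msg))   # both halves present: merged record
```

The receiver rejects a general-channel message that carries a templated secure field, so a misclassification at the sender is caught at the merge point.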

In another embodiment, the exchange frame handler
recognises a Service Access Point Identifier (SAPI)
of a particular value as being a signal to route the data
to the management function 21. In this way, the operation
of the frame handler could be integrated with a
more general packet switching arrangement whereby
the SAPI value can determine whether the management
function 21 should be used or general packet
switching networks such as the X.25 network should be
used. There are many possibilities, the important point
being that because the secure data is in a different
channel when it is received at the exchange, it may be
handled differently and routed via an alternative and
physically separate link to the destination service provider.
This is achieved simply because the secure data
is identified and transmitted on the D-channel. No modification
of the exchange is required.
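
The SAPI-based routing decision and the management function matrix described above can be sketched as follows. This is an added example, not part of the patent text: it decodes the standard two-octet Q.921 (LAPD) address field, while `SECURE_SAPI`, the sender identities, the matrix entries and the choice to key the matrix on (sending identity, TEI) are assumptions, since the description gives no specific values.

```python
# Added illustration. SECURE_SAPI, the sender identities and the matrix
# entries are placeholders; the description names no specific values.
CALL_CONTROL_SAPI = 0   # Q.921: call-control signalling
X25_SAPI = 16           # Q.921: X.25 packet-mode data
SECURE_SAPI = 32        # hypothetical value meaning "management function"
MAX_TEI = 63            # TEI range given in the description: 0..63

# Management function matrix: (sending identity, TEI) -> outgoing leased line.
MATRIX = {
    ("subscriber-A", 5): "leased-line/provider-1",
    ("subscriber-A", 6): "leased-line/provider-2",
    ("subscriber-B", 5): "leased-line/provider-2",
}


def lapd_address(sapi, tei, cr=0):
    """Build the two-octet Q.921 address field (EA bits 0 then 1)."""
    return bytes([(sapi << 2) | (cr << 1), (tei << 1) | 1])


def parse_lapd_address(frame):
    """Return (sapi, cr, tei) from a frame that starts at the address field."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the address field")
    first, second = frame[0], frame[1]
    if first & 1 or not second & 1:
        raise ValueError("malformed address extension bits")
    return first >> 2, (first >> 1) & 1, second >> 1


def route_d_channel_frame(sender, frame, matrix=MATRIX):
    """Frame-handler decision for one D-channel frame from `sender`."""
    sapi, _cr, tei = parse_lapd_address(frame)
    if sapi == CALL_CONTROL_SAPI:
        return "call-control"
    if sapi == X25_SAPI:
        return "x25-network"
    if sapi != SECURE_SAPI:
        raise ValueError(f"unhandled SAPI {sapi}")
    if tei > MAX_TEI:
        raise ValueError(f"TEI {tei} outside 0..{MAX_TEI}")
    try:
        return matrix[(sender, tei)]
    except KeyError:
        # Fail closed: never fall back to the general path for secure data.
        raise LookupError(f"no matrix entry for {sender!r}, TEI {tei}") from None
```

An unknown (sender, TEI) pair raises instead of defaulting to another route, which keeps secure frames off the general packet network when the matrix is incomplete.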

While the invention has been described for use
between a user system and a service provider, it is
envisaged that it may be used more generally between
any two systems which process data and need to communicate
secure data between each other. An example
is broadcasting of general data and transmission of
secure data in parallel on a telecommunications link.
Such secure data may include codes or keys for decoding
broadcast signals.

The secure channel may be used more extensively
in a bi-directional manner.

It is also envisaged that secure and general data 
paths other than the ISDN D and B channels may be 
used. For example, the secure data may be transmitted 
over a dial-up or leased line separately from general
data transmitted over the Internet. 

The invention is not limited to the embodiment 
described but may be varied within the scope of the
claims in construction and detail. 


Claims 

1. A data communication method (1) carried out by
mutually remote data processing systems (2, 3),
the method comprising the step of a system transmitting
secure data to the other system by a secure
channel (35), characterised in that the method comprises
the further steps of :-

a system identifying (34) category of data as
being either secure or general,

said system transmitting the general data via a
general channel (36) which is at least partly
physically separate from the secure channel,
and

the receiving system (3) receiving both the
secure and general data via the secure and
general channels and merging (40) it.

2. A method as claimed in claim 1, wherein the transmitting
system comprises means (5) for automatically
identifying data category.

3. A method as claimed in claim 2, wherein the transmitting
system (2) automatically recognises the category
of the data according to programs initially

4. A method as claimed in any preceding claim,
wherein the secure channel is a signalling channel
associated at the terminating points with the general
channel.

5. A method as claimed in claim 4, wherein the secure
channel has a lower bandwidth than the general
channel.

6. A method as claimed in any preceding claim, comprising
the further step of the receiving system
transmitting (32) a secure channel address to the
transmitting system.

7. A method as claimed in any preceding claim,
wherein both the secure and general data are
received by an exchange (8) connected to the
transmitting system (2) and the exchange routes
secure data via a telecommunications link (20) to
the receiving system (3).

8. A method as claimed in claim 7, wherein the
exchange (8) routes the secure data to the receiving
system (3) via a management function (21).

9. A method as claimed in claim 8, wherein the
exchange (8) routes the secure data to the management
function (21) via a leased line (11).

10. A method as claimed in claims 8 or 9, wherein the
management function (21) routes the secure data
to a system via a leased line (13).

11. A method as claimed in any of claims 7 to 10,
wherein the management function (21) comprises a
matrix correlating data processing system
addresses used by said systems with addresses for
a protocol between the exchange and said systems.

12. A method as claimed in any preceding claim,
wherein the secure channel comprises the D-channel
of an ISDN connection (7), and the general
channel comprises the B-channel of the ISDN connection
(7).

13. A data communication method carried out by a user
system (2) and a remote host system (3), the
method comprising the step of the user system
transmitting secure data to the remote system via a
secure channel characterised in that-

the secure channel includes the D-channel of
an ISDN connection (7),

the user system identifies data as being either
secure or general,

the user system transmits the general data via
an ISDN B-channel, a digital exchange (8) connected
to the user system routes the general
data via a non-secure path (10) to the host system
and routes the secure data via a physically
separate telecommunications link (20) to the
host system, and

the host system (3) receives both the secure
and general data and merges it.

14. A method as claimed in claim 13, wherein a digital
exchange (8) routes the secure data via a management
function (21) to the host system.

15. A method as claimed in claim 14, wherein the management
function (21) comprises an addressing
matrix to allow communication with a large number
of host systems requested by the user system.

16. A data processing system (2) comprising means for
transmitting secure data to a remote data processing
system via a secure channel (7, 20), characterised
in that the system (2) further comprises means
(5, 6) for:-

identifying data as being either secure or general,
and

transmitting the general data via a general
channel which is at least partly physically separate
from the secure channel.